matt_daemon 13 days ago

This whole Technology Quarterly was terrifically written and researched for those wanting further reading: https://www.economist.com/technology-quarterly

They're all on the Internet Archive to read free, e.g. https://archive.md/Ed12X

  • BostonEnginerd 13 days ago

    Just a minor nitpick. To my knowledge, Archive.today is not known to be related to the Internet Archive (archive.org).

  • knallfrosch 13 days ago

    The Economist also offers a monthly subscription and some free trials. But honestly, they're simply worth their money.

    • setopt 12 days ago

      Their content is great, but their subscription system is abhorrent. I’m not resubscribing in the future despite liking their content, and wouldn’t recommend that anyone else does either.

      If you want to cancel your The Economist subscription, you can’t just click a button. You need to wait to talk to a sales rep in a chat room… when they arrive, they will basically beg you to stay; here’s a discount offer and here’s another, you’ve been a subscriber for X years why stop now. Only after insisting for 15min that you really want to cancel will they let you. I’ve gone through that process twice, and find it very off-putting.

      • rurp 12 days ago

        Yep this. I was on their signup page about to pay and thought to check how hard it is to unsubscribe. I found the exact same process you outline, and many people with worse horror stories where it took all kinds of time and aggravation to cancel their subscription. The content itself is great, but I won't pay money to support those sorts of sleazy business practices.

        I even double checked with a support rep to see if anything had changed. Not only did they confirm that there's no easy option to unsubscribe, they tried to gaslight me into thinking that this was for the customer's benefit!

      • knallfrosch 12 days ago

        I'm in Germany and can cancel/change my subscription at myaccount.economist.com

        • setopt 9 days ago

          I’m in Norway and had to go via a sales rep.

          Are you sure that you can click cancel without talking to a sales rep? If so, are there perhaps local German (not EU/EEA) rules on this?

    • kimi 12 days ago

      I used to be a subscriber for 20+ years, they are worth their money.

      Why "used to", then? Because a couple of years ago I could not basically find a way to have my paper version subscription renewed. I was literally not able to renew it! After a few "chats" with their sales reps, I gave up in frustration and discovered I can live without.

      IIRC, they wanted you to have the electronic version at all costs, while I'm happy with paper.

      In any case, in an age of vapourware crappy SEO articles, they have a lot of meat, and a global world-view. It's the best way to spend money on news.

      • knallfrosch 11 days ago

        I have digital+print. They improved the print version again, so you can remove the glue sticker from the pretty cover, it's embedded in a water-proof shell and the format is simply the best.

      • hilux 12 days ago

        I receive the physical "newspaper," but typically consume the content through the audio version, about 8-9 hours every week. Pretty good value for $100-150/year!

  • ikmckenz 13 days ago

    Is the Technology Quarterly available as a physical magazine I could buy anywhere? It’s not obvious what the best way to buy individual issues is.

roody15 12 days ago

This article makes me think of an intercom system I maintain at one of our buildings. The fact that it is offline and each location is physically wired = it’s safe and secure. Another school district about 80 miles away had their systems hacked including phones, cameras and intercom .. as they were all meter and “cloud” based.

Just makes me rethink does everything need internet access. Sometimes perhaps simple safe and secure may fit better. Kind of off topic of this article but the concept just kind of got me thinking out loud.

  • midtake 12 days ago

    It depends on threat model. A wired intercom can be easily bugged with a physical implant. Discovering such a bug is also a completely different art from securing code, so different that some would claim it is more difficult to secure with any guarantee of confidentiality.

    The cloud-based model might be leaky due to complexity but has the capability to deliver cryptographic assurance, which is a huge win in the long run. Modern cloud delivery is infamously insecure at the current point in time because most companies do not care about the security of their customers, and most customers are not aware of more secure options. But in the end as the technology matures it will be far more secure.

    Of course, cutting off internet access is a good practice and most cloud connected systems play happily with a proxy.

    • Ajedi32 12 days ago

      It's possible to design internet connected systems that are secure and reliable. But usually "internet connected" means "dependent on continuous connectivity to some external service that needs to be actively maintained by a third party otherwise it'll stop working", which makes the "reliable" part difficult, and the fact that it's exposed to a network with other devices on it and you have no way of knowing how competent that same third party is when it comes to security makes the "secure" part difficult.

      Offline systems have way fewer failure modes such that they're often "secure and reliable" by just default, at least in comparison to the alternative.

    • MisterTea 12 days ago

      > A wired intercom can be easily bugged with a physical implant.

      I think the big impact here is that mundane systems which are now connected to the internet have become targets for remote vandalism or espionage.

    • olyjohn 12 days ago

      We're talking about an intercom in a school system. Why would they care about encryption or someone listening in? They probably just want to be able to talk to other people on campus, and not have it be taken over remotely by some script kiddie and turning it into a node in a botnet.

      • peddling-brink 12 days ago

        Thus "It depends on threat model."

        In this case, clearly the simpler tech was a better fit.

    • notTooFarGone 12 days ago

      Yeah love those threat models where physical access is a topic but basic MFA measures are not even done. This is like comparing yourself to Fort Knox while not even locking your door.

      Physical access is not a problem when basic other measures are not taken. If physical access is your largest threat then you are already safer than 90% of companies imo.

      • hifromwork 11 days ago

        >Physical access is not a problem when basic other measures are not taken.

        Why? In my home I have a Synology NAS server, not connected to the internet, where I store unencrypted data. It's not secure out of the box, and I didn't attempt to harden it.

        You are welcome to hack me. Good luck.

    • saurik 11 days ago

      Why should I need Internet/cloud to get something as basic as encryption?

  • hilux 12 days ago

    I don't think it's off-topic at all!

bmurray7jhu 13 days ago

Matt Blaze's analysis of the flawed OTPs used by Cuban numbers stations: https://www.mattblaze.org/blog/neinnines/

  • ghayes 13 days ago

    Trying to understand why the Nein Nines could happen. My first thought for a “fill” algorithm would be to just fill with zeros, and hence read out the pad, since it is going to be used up anyway. But I suppose that’s bad since if it did accidentally get re-used then that cyphertext would be fully compromised (versus say having two cyphertexts from the same pad to run a frequency analysis against). Another fill would be to add random data and pad against it, but then if your random data is flawed, you may still leak the OTP. So, I guess the actual algorithm must be derived from the OTP, but not padded with it? (Since if it were padded, there is no way to avoid a 9 digit). It just seems like zero or semi-random fill seems safer…

    • pwg 13 days ago

      > My first thought for a “fill” algorithm would be to just fill with zeros, and hence read out the pad, since it is going to be used up anyway.

      That also would use up the pad when there are no messages, requiring some secure way to get a new pad to the operatives when their existing pad is consumed. This is difficult enough (secure delivery of new pad) that it is unlikely that spy-HQ wishes to consume pad data for fill.

      > But I suppose that’s bad since if it did accidentally get re-used then that cyphertext would be fully compromised

      Yes, if they reused any part of any pad for more than one single message, they have compromised (and revealed) the contents of the reused pad messages. This is the other difficulty with OTPs. The OTP data must never be reused. Which is also why spy-HQ would not want to use it (the OTP) up for the fill, because to avoid reuse then they have to get new pad material to the operatives in some secure way.

      > So, I guess the actual algorithm must be derived from the OTP, but not padded with it?

      The 'implication' of the article is that the fill is just random data (without using up any pad material). Possibly with the appropriate headers in place so that it looks indistinguishable from a read message in the same slot.

      The further implication is that the Cuban station did something essentially like this:

          for (count=0; count<20; count++) {
              send(int(rand()*9));
          }
      
      With a rand() implementation that returned a number from zero to 1.0 exclusive of 1.0 and an int() implementation that merely truncated any fraction from the multiplication. With the result that 9 is never sent.

      • nucleardog 13 days ago

        Even if it returned 1.0, that would still leave 9 being produced a _very_ small amount of the time (like 1 in 18 quintillion assuming the full range of a float mapped from 0.0-1.0). Even at 20 characters, 24 times a day, year round, you’d only see a 9 pop up once in every 100 trillion years or so.

        Lots of ways to mess that up (`rand() % 9`?). I’m more surprised that nobody noticed for so long. It’s not like this was some subtle cryptographic bug that would have required deep analysis to catch… “you had one job”, and just glancing at the output was, evidentially, enough for a lot of other people to catch on.

      • a-dub 13 days ago

        that's kind of the beauty of the system. we actually have no way of knowing if it was just random fill.

        maybe they were just random digits with an off by one error or some other problem with the symbol set missing one symbol.

        or maybe the supposed fill messages can actually be cryptographically confirmed as authentic fill messages via some clever scheme (that the implementation of turned out to be buggy).

        or maybe someone from some sort of field operations chain of command just slammed the table and said "my people are tired of trying to decrypt fill messages, i don't care, just cut the nines out so the field agents know if there's a message."

        that's what makes numbers stations fun. :)
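
Added example (not code from the thread or from the Blaze article): a simulation of the two fill bugs hypothesised in the comments above, `int(rand()*9)` and `rand() % 9`, next to real pad-encrypted traffic, with the digit-frequency check a listener could run to tell them apart. The function names, the 500-digit message length and the seeded generator are assumptions made for the demonstration.

```python
import math
import random
from collections import Counter

# Chi-square critical value for 9 degrees of freedom at p = 0.001.
CHI2_CRIT_9DF_P001 = 27.877


def buggy_fill_truncate(rng, n):
    """The loop from the comment above: int(rand()*9) can only yield 0..8."""
    return [int(rng.random() * 9) for _ in range(n)]


def buggy_fill_modulo(rng, n):
    """The `rand() % 9` variant from the reply: also limited to 0..8."""
    return [rng.getrandbits(31) % 9 for _ in range(n)]


def otp_encrypt(rng, plaintext):
    """Digit-wise addition mod 10 with one fresh uniform pad digit each."""
    return [(p + rng.randrange(10)) % 10 for p in plaintext]


def digits_needed(alpha):
    """Smallest n for which a missing digit is rarer than alpha by chance.

    Union bound: P(some digit absent from n uniform digits) <= 10 * 0.9**n.
    """
    return math.ceil(math.log(alpha / 10) / math.log(0.9))


def analyse(digits, alpha=1e-9):
    """Flag a digit stream whose missing symbol cannot be explained by luck."""
    n = len(digits)
    counts = Counter(digits)
    expected = n / 10
    chi2 = sum((counts.get(d, 0) - expected) ** 2 / expected for d in range(10))
    missing = [d for d in range(10) if counts.get(d, 0) == 0]
    p_missing = min(1.0, 10 * 0.9 ** n)
    return {
        "n": n,
        "missing": missing,
        "chi2": chi2,
        "p_missing_if_uniform": p_missing,
        "fill_like": bool(missing) and p_missing < alpha,
    }


if __name__ == "__main__":
    # Seeded Mersenne Twister: fine for a repeatable simulation, never for pads.
    rng = random.Random(2024)
    n = 500  # constructed message length (100 five-digit groups)
    streams = {
        "int(rand()*9) fill": buggy_fill_truncate(rng, n),
        "rand() % 9 fill": buggy_fill_modulo(rng, n),
        # All-zero plaintext: the worst case for the cipher, still uniform out.
        "pad-encrypted": otp_encrypt(rng, [0] * n),
    }
    for name, digits in streams.items():
        r = analyse(digits)
        print(f"{name:20s} missing={r['missing']} chi2={r['chi2']:.1f} "
              f"fill_like={r['fill_like']}")
    print("digits needed at alpha=1e-9:", digits_needed(1e-9))
```

A single 20-digit burst like the loop above is too short to prove anything; the missing 9 only becomes damning once a couple of hundred digits have been collected.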

    • nneonneo 13 days ago

      It says in the article that the spies would decrypt and verify a header before moving on to the main message. Presumably the fill messages would simply not have a valid header, or it would have a special header that indicated it was a fill message.

      • KMag 13 days ago

        According to the Matt Blaze article, the Radio Havana numbers station sends 3 messages per hour. At the start of the transmission, three 5-digit message identifiers are sent for the 3 messages to be transmitted.

        My guess is there's some cryptographic structure to these indicators that tells agents if the messages are for them, so they can shut down their listening early if none of the three messages are for them. If it were otherwise, I would expect each indicator group to be before (or inserted at a secret agent-specific offset within each message) each message. If you listen to the mp3 recording linked from Matt's article, you'll notice that the three indicator groups are repeated before the actual messages begin. Presumably the repetition is to guard against the indicator groups being garbled, since if the indicator group gets garbled, the whole message is garbled. On the other hand, a garbled regular message group would only result in a few characters of the plaintext being garbled.

        Placing the indicator groups at constant (and secret) per-agent offsets within the messages has been known since at least WWII. In the case of an OTP, having a secret offset of the indicator group makes it harder to detect if the fatal error of pad reuse has been made. In the case of other ciphers, making the location of the indicator group secret also complicates cryptanalysis.

        It wouldn't make sense to separate out the indicator groups like that unless it provides some operational advantage to offset the small cryptoanalytic toehold provided by highlighting the indicator groups. Allowing agents to shut down their listening early is the most obvious advantage I can think of.

        The simplest cryptographic structure (and devoid of bias if the OTP is devoid of bias) would be to simply have the indicator group be the first 5-digit group for the next page in the OTP. The agent would need to check the next several pages of their OTP to verify they hadn't missed any messages. Encrypted headers within the messages could be used to handle the rare cases of collisions across agents, rather than introduce extra structure (weaknesses!) to prevent any two agents from ever having duplicate indicator groups across their next few pages of OTP material.

        Of course, it is also possible that these repeated indicator groups at the start of the transmission are just decoys and the real indicator groups are somehow hidden within the messages in some way that provides redundancy without revealing which groups are the indicator groups. Maybe the first three groups of the OTP page are placed at 3 constant offsets within the message or something.

        But, my guess is that these repeated indicator groups at the start of the transmission really are there to let the agents know that they can shut down their listening early when there are no messages for them.

        • impossiblefork 13 days ago

          There's no way they have time to listen to Radio Havana every 20 minutes though.

          Much more likely is that everybody has a time slot during which he's supposed to listen.

          • KMag 12 days ago

            I didn't mean to imply that. What I meant to imply is that at the beginning of their appointed hour, they tune in to see if they have a message that day/week.

            • impossiblefork 11 days ago

              That seems reasonable.

              However don't you think your own explanation of improving security against accidental key reuse could be the explanation, with the repetition being there only for that purpose?

              • KMag 11 days ago

                The extra protection against key reuse requires the attacker to be uncertain of which group is the indicator group. Placing indicator groups at the beginning of the broadcast would prevent that, but would allow agents to better avoid detection by minimizing the time they need to listen.

jwsteigerwalt 13 days ago

(1) a one time pad is and will remain highly secure (2) blocking shortwave radio (even if you are a nation state) is more difficult than taking down web assets. (3) there are benefits to security by obscurity when it's part of a layered approach with constant maintenance and feedback (#3 is my controversial take)

  • dllthomas 13 days ago

    > a one time pad is and will remain highly secure

    A one-time pad generated correctly and used correctly will remain highly secure, provided you have a highly secure means of sharing the key material. There's a lot rolled into those assumptions.

    • bawolff 13 days ago

      At the same time "highly secure" is significantly underselling it. One time pads (if properly implemented) are information-theoretically secure. Even if you solve P=NP your one time pad will not be cracked. It is safe against an adversary with both infinite time and infinite compute.

      That type of security comes at a cost.

      • dreamcompiler 13 days ago

        And the cost is that one-time pads are a royal pain in the ass. But if you're willing to pay that price without cutting corners, you get a completely unbreakable crypto system that will laugh in the face of the NSA and quantum computers.

        • bawolff 13 days ago

          In fairness, quantum doesn't really help against normal crypto (of the type that is being discussed - symmetric). AES-256 will also laugh in the face of QC.

          • dreamcompiler 12 days ago

            Indeed. Quantum is only useful (in principle) against some types of asymmetric algorithms.

      • dllthomas 13 days ago

        TBH, I think "highly secure" might be overselling it. Yes, assuming you're generating random numbers well, there's actually zero chance your security will be breached because of an attack on your encryption algorithm. But there's not actually zero chance that your random number generation is flawed, and (very much more important) the cost is in making harder the pieces of your system that are probably more likely to fail in the first place. And of course you're still potentially vulnerable to traffic analysis and such even if all the rest goes right.

        • dtx1 13 days ago

          > But there's not actually zero chance that your random number generation is flawed, and (very much more important) the cost is in making harder the pieces of your system that are probably more likely to fail in the first place.

          I don't think it's that hard to get true randomness. Just measure something random in nature like radio static.

          • jajko 13 days ago

            There are server cards (or were at least some time ago) with tiny bit of mildly radioactive material, well enclosed of course, and a good sensor for those isotopes/particles.

            I've heard other approaches including that static too, ie the famous analog TV without real signal, IIRC it's cosmic microwave background, or camera watching water drops fall or similar. There are many other ideas (and probably products too), the only thing is one needs to keep it 100% reliable across long time.

          • setopt 12 days ago

            Genuine question: How are those random sources actually used?

            I would think that for crypto it’s very important to not just have random numbers, but to have a uniform random distribution. Many natural sources would be either Poisson or Gaussian; if you make an assumption for the distribution you could of course make it uniform, but that assumption would be a weakness if inaccurate or changing over time.

            So how is a true random source usually used to ensure uniform random outputs?

            • nullc 12 days ago

              A truly random source will yield independent and identically distributed values.

              You can take a collection of those values and convert them to an index in the set of all possible permutations of those values. That index will be uniformly distributed in the range of the number of permutations, regardless of the input distribution so long as it's IID.

              Once you have a uniform value on a range you can extract uniform bits from it.

              See also: Von Neumann's debiasing algorithm.

              In practice RNGs use some kind of debiaser, though often they use ones that leave a lot of entropy on the floor. OTOH, stronger debiasers are more harmed by failures to be completely IID (e.g. some inter-output correlation, or the distribution changing over time with temperature).

            • cscheid 12 days ago

              It’s a well known exercise in prob textbooks (edit: it’s the algo referenced in the other reply) to convert one distribution to another. If you can generate gaussians (or any other distribution) you can generate uniform variates. It’s a very simple application of rejection sampling that involves some efficiency loss, but that’s irrelevant at the time you’re getting your OTPs.
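
Added example (not code from either commenter): the permutation-index construction described in the two replies above, with Von Neumann's debiaser as its block-of-two special case, and an exact check with rational arithmetic that the output bits are unbiased for any IID input. All function names and the sample distributions are assumptions chosen for illustration.

```python
from collections import Counter
from fractions import Fraction
from itertools import product
from math import factorial


def arrangements(counts):
    """Number of distinct orderings of a multiset given as symbol -> count."""
    total = factorial(sum(counts.values()))
    for c in counts.values():
        total //= factorial(c)
    return total


def permutation_rank(block):
    """Lexicographic index of `block` among all orderings of its own symbols."""
    counts = Counter(block)
    total = arrangements(counts)
    rank = 0
    for sym in block:
        for smaller in sorted(counts):
            if smaller >= sym:
                break
            if counts[smaller]:
                counts[smaller] -= 1
                rank += arrangements(counts)  # orderings that go lower here
                counts[smaller] += 1
        counts[sym] -= 1
    return rank, total


def bits_from_uniform(value, total):
    """Turn a value uniform on [0, total) into unbiased bits (possibly none)."""
    while total > 1:
        k = total.bit_length() - 1  # 2**k is the largest power of two <= total
        if value < (1 << k):
            return [(value >> i) & 1 for i in reversed(range(k))]
        value -= 1 << k
        total -= 1 << k
    return []


def extract(samples, block_len):
    """Debias a stream of IID symbols block by block."""
    out = []
    for i in range(0, len(samples) - block_len + 1, block_len):
        out.extend(bits_from_uniform(*permutation_rank(samples[i:i + block_len])))
    return out


def von_neumann(bits):
    """Classic debiaser: 01 -> 0, 10 -> 1, 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def output_distribution(probs, block_len):
    """Exact probability of every output bit string for one input block."""
    dist = Counter()
    for block in product(probs, repeat=block_len):
        p = Fraction(1)
        for sym in block:
            p *= probs[sym]
        dist[tuple(bits_from_uniform(*permutation_rank(block)))] += p
    return dist


def is_exactly_uniform(dist):
    """True if, for each output length, all bit strings are equally likely."""
    by_len = {}
    for bits, p in dist.items():
        by_len.setdefault(len(bits), []).append(p)
    return all(len(ps) == 2 ** n and len(set(ps)) == 1 for n, ps in by_len.items())


def expected_bits(dist):
    """Average number of output bits per block."""
    return sum(len(bits) * p for bits, p in dist.items())


if __name__ == "__main__":
    biased_bit = {0: Fraction(3, 4), 1: Fraction(1, 4)}  # constructed source
    for n in (2, 4, 8):
        d = output_distribution(biased_bit, n)
        print(n, is_exactly_uniform(d), float(expected_bits(d) / n), "bits/sample")
```

The larger blocks recover more bits per sample than Von Neumann's pairs, which is the entropy left on the floor that the reply mentions; the guarantee holds only while the input really is IID.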

          • c22 13 days ago

            Perhaps not, but truly secure randomness is much harder. If someone else can measure the same thing you're measuring then it doesn't matter if it's random. If they can influence what you're measuring that's even worse. In the case of radio static, for example, your RNG could be compromised by another compromised device simply colocated nearby.

            • bawolff 13 days ago

              In the event your adversary knows so much about your procedures that they can tune into the radio used to generate randomness, presumably it would be much easier just to steal the piece of paper the pad is written on.

              Which does kind of further your point that one time pad makes more secure the parts that are already incredibly secure, while not helping the real weaknesses of cryptosystems i.e. the human element.

  • cqqxo4zV46cp 13 days ago

    The fact that 3 is controversial is telling of the sad state of the security knowledge of techies generally. The most people seem to be able to do is to cargo cult / parrot, misunderstand, and misappropriate quips like “security by obscurity bad!” when it, all else equal, is a perfectly reasonable and often useful additive measure to take if it’s available to you.

    • kibwen 13 days ago

      A knee-jerk aversion to anything halfway adjacent to "security by obscurity" is flawed, but this reaction to that aversion is also flawed.

      Instead of trying to suggest "security by obscurity is fine, actually, and don't worry about it", it's time for us to just stop being pithy and start being precise: your cryptosystem should be secure even if your adversaries understand everything about it. If that is true, then you can (and, in the real world, almost certainly should) add defense in depth by adding layers of obscurity, but not before.

    • adrian_b 13 days ago

      While “security by obscurity” may be good for some spy agency as an additional layer over a system that would remain secure even if it were published, most people are right to say that “security by obscurity bad!”, based on the known history of such systems.

      The reason is that, without any exception, every time when some system that used “security by obscurity” has been reverse engineered, regardless if it was used for police communications, mobile phone communications, supposedly secure CPUs etc. it was discovered that those systems have been designed by incompetent amateurs or perhaps by competent but malevolent professionals, so that those systems could be easily broken by those who knew how they worked.

      “Security by obscurity” is fine for secret organizations, but for any commercial devices that incorporate functions that must be secure it is stupid for a buyer to accept any kind of “security by obscurity”, because that is pretty much guaranteed to be a scam, regardless how big and important the seller company is.

      Obscurity is OK only when it is added by the owner of the devices, over a system that is well known and which has been analyzed publicly.

    • chmod775 13 days ago

      > The most people seem to be able to do is to cargo cult / parrot, misunderstand, and misappropriate quips like “security by obscurity bad!"

      That is the point. It is a good rule of thumb for people who don't know much about security. Anything they create trying to add more security to their system is more likely to do the opposite.

      If you think you know better, feel free to ignore it. Just be aware you wouldn't be the first who thought they knew what they were doing or even the first who did know, yet still messed up.

    • Natsu 13 days ago

      This misunderstands how "security by obscurity" came about, because there are good and bad types of obscurity. Back in the 1800s people were selling shoddy locks that were easy to pick and they were mad that people were disclosing lock picking methods: https://www.okta.com/identity-101/security-through-obscurity...

      This history repeated later, with people making shoddy cryptography where they didn't want anyone to know how it worked, and similar things, most of which got broken in embarrassing ways. This sort of obscurity was actively harmful and let people sell defective products that people relied upon to their detriment.

      Meanwhile, there are good types of obscurity, too. For example, there are the information disclosure CWEs that tell users of products not to disclose version numbers, stack traces, etc. to users, and this sort of "obscurity" is perfectly reasonable and widely accepted.

      So it's not the case that all things that might be termed "obscurity" are bad.

    • willis936 13 days ago

      You can even poke holes in it using their own terminology. Obscurity is equivalent to minimizing attack surface area. The less adversaries know about your system the smaller of a target it is.

      • noduerme 13 days ago

        I think there's overlap between surface area and obscurity, but they're not equivalent. To use the most pedestrian example, moving SSH off of port 22 makes it more obscure, but the total surface area hasn't gotten smaller.

        • thyrsus 12 days ago

          Anecdata: log files with failed login attempts became far smaller after leaving port 22.

    • ef32d2d 13 days ago

      Yeah. I think it's the result of conflating theoretical cryptography and practical IT security. Kerckhoffs's principle is true in the theoretical domain and it's certainly important that the designers of standardised crypto algorithms adhere to it but it doesn't follow that it's pointless to change your SSH port.

  • pbronez 13 days ago

    A good example of #3 are public share links.

    Things are more secure if you share your file with a specific set of users, but that requires your counterpart to have an account with the system you’re using (eg a Google Account for Google Drive). When sharing files with an arbitrary counterparty, it’s often sufficient to generate a publicly available, unlisted/unindexed, hard to guess URL. Even better if it’s time boxed.

    I’m sure there are attackers who attempt to identify and enumerate these URLs. If they’re well designed though, it should be infeasible to guess the link.
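
Added example (not the commenter's code and not any real service's API): a minimal unlisted share-link store with the properties the comment above asks for, a 128-bit token from the OS CSPRNG, a time box, and only a hash of the token kept server-side, plus a bound on how likely enumeration is to hit a live link. The class, the `/s/` path and the `files.example` host are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 16  # 128 bits of CSPRNG output per link


class ShareLinks:
    """In-memory store for unlisted, expiring share links (illustrative)."""

    def __init__(self, base_url, clock=time.time):
        self._prefix = base_url.rstrip("/") + "/s/"
        self._clock = clock
        self._links = {}  # sha256(token) -> (file_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not leak usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def create(self, file_id, ttl_seconds):
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._links[self._digest(token)] = (file_id, self._clock() + ttl_seconds)
        return self._prefix + token

    def resolve(self, url):
        """Return the file id for a live link, or None if unknown or expired."""
        if not url.startswith(self._prefix):
            return None
        digest = self._digest(url[len(self._prefix):])
        entry = self._links.get(digest)
        if entry is None:
            return None
        file_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._links[digest]  # time box reached: forget the link
            return None
        return file_id

    def revoke(self, url):
        """Drop a link early; returns True if it existed."""
        token = url[len(self._prefix):] if url.startswith(self._prefix) else ""
        return self._links.pop(self._digest(token), None) is not None


def guess_success_bound(live_links, guesses, token_bits=8 * TOKEN_BYTES):
    """Union bound on the chance that any of `guesses` hits any live link."""
    return min(1.0, live_links * guesses / 2 ** token_bits)


if __name__ == "__main__":
    store = ShareLinks("https://files.example")  # placeholder host
    url = store.create("report.pdf", ttl_seconds=3600)
    print(url, "->", store.resolve(url))
    # A million live links against a trillion guesses:
    print("128-bit token:", guess_success_bound(10**6, 10**12))
    # The same traffic against a 6-digit numeric id (about 20 bits):
    print("20-bit id:    ", guess_success_bound(10**6, 10**12, token_bits=20))
```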

  • localfirst 13 days ago

    " there are benefits to security by obscurity when its part of a layered approach with constant maintenance and feedback"

    im not sure i understand what this means, can you provide an example and why its controversial?

    do you mean a one time pad using memes via image steganography on heavy traffic forums? I recall this is what North Korean spies used to do in early 2000s

    • michaelt 12 days ago

      > im not sure i understand what this means, can you provide an example and why its controversial?

      There is a longstanding tradition of vendors of mediocre 'security' systems using trade secrets/restrictive license terms/anti-hacking laws to cover up their mediocrity.

      If you're shopping for a garage door opener and one vendor publicly documents their security system and well known experts have given it their thumbs up, while another vendor says their system is secret and has sued people for attempting to reverse engineer it? Knowledgeable folk would have far more trust in the former than the latter.

      • localfirst 12 days ago

        still dont get it. are you saying the former is susceptible to layering attacks where they get people to drop their guard? or that the latter which is secretive is to conceal its actual use

StiffFreeze9 13 days ago

Radio receivers have significant digital components which may leave more trail than the spy intends.

I like how some malware hides in plain sight and relays through google analytics.

  • knallfrosch 13 days ago

    You could buy a cheap old radio at a pawn shop.

    • Animats 13 days ago

      A cheap old radio will rebroadcast what you are listening to at the IF frequency.

      • perilunar 12 days ago

        I've heard that before. So this statement in the article: "A high-powered transmitter can be located. But the receiver, tuning in to a station at a pre-scheduled time, cannot" is not strictly true?

        • michaelt 12 days ago

          If you're a spy and you think spycatchers know your address, there's a risk of them bugging your home and overhearing the numbers station, or breaking in and finding your one-time pads. So you should probably act with the utmost caution regardless of the details of radio receiver design.

          Some radio receivers have existed that leak signal at the intermediate frequency, due to inadequate shielding. But it's not just a privacy problem, it also means that receivers operated near to one another can interfere with one another due to crosstalk at the intermediate frequency; it would be inconvenient if your car radio lost signal any time you were stuck in traffic and other drivers were using their radios. So usually designers add more shielding.

          It's difficult to know the truth because there are some organisations that benefit from exaggerating the possibilities of things like this - for example, a cable company might hope to deter cable pirates by claiming they have roving detectors that can detect people pirating cable.

        • linuxftw 12 days ago

          I think it's true from a distance. All electronic devices emit RF, though proper shielding can dramatically reduce it.

          • Animats 12 days ago

            Shielding receivers is easy, and modern ones are pretty good, but cheap old radios often are not RF-quiet.

tahoeskibum 13 days ago

Sounds like the storyline for Battlestar Galactica :-)

  • trod123 13 days ago

    The technical director on that remake had a sound head on his or her shoulders.

    They correctly treated many aspects and details that today go ignored and addressed many of the issues that apply to us today with regards to adversaries who can by nature react faster than we can perceive.

    The solution had cost tradeoffs, but in the end it proved the correct decision through virtue of the fact that the story continued (and they weren't all killed off in episode one).

    • czl 13 days ago

      > it proved the correct decision through virtue of the fact that the story continued (and they weren't all killed off in episode one).

      In the show’s fictional plot, the decision seems correct because the story continued and the characters survived. However, we shouldn't judge decisions in real life by how they are portrayed in fiction. In modern fiction, decisions are often shaped to please audiences, not to reflect real-world correctness. Thus, it may not be wise to judge these fictional decisions by the same standards we use in real life.

      • schmidtleonard 13 days ago

        Exactly. This is a pet peeve of mine, with the most common incarnation being: no, the dinosaurs in Jurassic Park do not escape because the writers proved that chaos theory makes a dinosaur zoo mathematically impossible, they escape because otherwise you and I would not pay to see the movie.

        • saghm 13 days ago

          I remember after seeing Jurassic World in theaters a friend (who hadn't seen it yet) asked me if it was good, and I said something like "even though you know everything is going to go wrong, it's still entertaining seeing all of the set up before it happens", and they were upset at me for "spoiling" that the dinosaurs eventually break loose. I was taken aback because I thought it was pretty well understood that seeing dinosaurs wreck a bunch of stuff was basically the whole point of the franchise, and the movie would be boring otherwise.

          In a way, I'm almost envious of the ability to experience a story without being distracted by the "meta" knowledge that what happens at every step is a deliberate choice by the writer. I'd probably be a lot more into movies if I could somehow believe that events in them unfolded organically like in reality rather than sometimes being forced for plot convenience.

          • trod123 13 days ago

            Well, maybe you mis-communicated and spoiled the dinosaur thing, since there's an inconsistency, because that doesn't make sense with the paraphrase you provided, seems like there is something missing.

            That said, the development of meta knowledge is a sign of maturity.

            It means you've watched or read enough of the same story to see the repeating pattern and by extension to see the holes that poor quality storytelling leaves.

            It is magic for the reader when a story is crafted that can fully suspend disbelief especially when it is masterfully done. Some mediums and structures are really difficult to do this, like with the book The Reality Dysfunction (1400 pages?). There are something like 12 concurrent threads that jump around, it's not that entertaining until you alter your reading habits and decide to skim or skip the threads of characters that don't interest you (saving them for a second read through if interest remains as a whole).

            Needless to say, there are very few examples today of higher level of craft in current media because the corners have been cut beyond the point where they can remain in the finished product. The market has shrunk over time with the suppression of wages. You have to go back to much older production to really see this. If you haven't already watched it, check out the 1934 Count of Monte Cristo with Robert Donat, and a few of his other films (The 39 Steps) as a starter. Depending on your taste for more abstract film you might enjoy Ink with Christopher Soren Kelly, since it has many elements that are a bit of a throwback to earlier cinema (if you haven't already seen it).

            Overall, it just means you need to focus on higher quality stories that surprise you. The meta knowledge helps you discern the trash from the gold.

            There is far more trash today because most production companies have dual purposes. Making a profit, and seeking to distort reflected appraisal, Pavlovian association of unrelated stimulus (associative priming), or destructively interfere with self concept of the viewer (without their knowledge), for thought reform and control; John Meerloo and Robert Lifton have background in that subject matter if you are interested in how actual brainwashing works in practice (it's not absurd like they show in the movies, but it is often quite evil and dark not light reading).

            You might enjoy reading The Hero of a Thousand Faces.

            It is important to develop a cultured palate.

            • saghm 12 days ago

              > Well, maybe you mis-communicated and spoiled the dinosaur thing, since there's an inconsistency, because that doesn't make sense with the paraphrase you provided, seems like there is something missing

              My point is that Jurassic Park movies always involve dinosaurs running around freely and causing havoc rather than a fun trip to a fancy zoo, and I assumed that was everyone's expectation going in, whereas this friend genuinely thought there was a chance that no dinosaurs would escape their cages during the duration of the film. Re-reading my comment, it's not obvious to me why it doesn't make sense to you, so I think it's safer to assume that there's a miscommunication happening here rather than in the conversation I had almost a decade ago.

        • andoando 13 days ago

          Reminds me of all the high school prompts like "What does the Lord of the Flies teach us about human nature". Nothing, it's a complete work of fiction.

          • walterbell 13 days ago

            > What does the Lord of the Flies teach us about human nature

            It teaches us about the human propensity for propaganda.

          • jowea 13 days ago

            I think that can be understood as "What does the Lord of the Flies opine about human nature"

            • ClumsyPilot 13 days ago

              Unfortunately, the school education system has decided that only a certain interpretation is correct, and sometimes that is not even the interpretation of the book's author.

              • trod123 13 days ago

                Well, in fairness the majority of that system has been taken over by communism. Quite a lot of the methods and techniques they use are based in Marx or Mao, though the teachers aren't taught the origins of the tools they use, which have been obscured.

                For some background, Lifton, Meerloo, New Discourses (youtube), inform.

          • WalterBright 13 days ago

            Every Hollywood production about a fictional President of the US has liberal policies working.

            • asdff 13 days ago

              To be fair, Hollywood productions hardly ever touch the White House or policies playing out and showing effects, to the point where it almost seems like the lack of coverage is perhaps even intentional imho. I did a very quick internet search on "movies about the white house" just because I was drawing such a blank and I only get White House Down, Olympus Has Fallen, and Independence Day as the main search results.

              • smcin 9 days ago

                'Syriana' was superb. Didn't explicitly depict a WH or US President, but it did feature Congressional hearings.

              • WalterBright 13 days ago

                See "The West Wing", for example. "Designated Survivor", for another.

            • smcin 13 days ago

              Dr Strangelove?

        • trod123 12 days ago

          Well, you missed out on a lot.

          Stories should provoke flexible thinking and perspective shifts in an entertaining way, they should not make you unhappy.

          If you get hung up on surface level things like that assuming the worst, you close your eyes to higher levels of perspective and thinking.

          The series is largely about a single theme which is primarily about nature vs. man, and man's hubris and fallibility.

      • trod123 13 days ago

        Yes, that does go without saying for unvetted sources, what you say is just a less formalized way of saying, follow Descartes' Rules of Method.

        That said, the handling of the tech received a seal of approval from me, and I've quite a bit of professional background in IT Systems Engineering, and a periphery of Cyber.

        I mean what they do really is not that much of a leap, and would improve existing security by orders of magnitude by eliminating swaths of attack surface that the worst of the worst malware out there uses today.

        Punch cards (upgraded) -> Optical printouts that can be physically changed to load firmware and the functional software from a physically modifiable medium. (A known working, known safe state at the lowest level).

        No persistent internal state at the hardware/firmware controller levels (for bad actors to abuse with an APT such as some of the DMA shenanigans, hooking, and bus tricks).

        Non-networked except between critical fortified systems (to limit spread).

        Sure you take some performance hits, but it's resilient with few single points of failure (such as the physical medium).

weitendorf 13 days ago

Not really a good article. You can and should apply the exact same argument to number stations as you apply to all the technology they criticize: they are vulnerable to being compromised at the supply-chain/provenance level. I'm not a radio expert but I'm also pretty sure that you can interfere with their signals. And you can communicate using OTPs using a computer network as long as you're smart about it.

Actually the one interesting point made is that nobody can track whether you're tuning into a particular station. On a network, there has to be some traceable path of connections between the transmitter and receiver: even if the message is hidden in some other content or transmitted through a bunch of proxies, that traceable flow of data must exist. It makes me wonder how common it is to open ephemeral p2p connections over shortwave to transmit data between two computers - I'm sure someone's thought of it, and I think I brought it up one time during a quant firm system design interview.

  • rdtsc 13 days ago

    > Actually the one interesting point made is that nobody can track whether you're tuning into a particular station

    That’s a juicy enough piece of information that they probably have something for it. Does the radio emit any heterodyne signals when tuned to particular frequency? Maybe a super-sensitive satellite, drone or other sensors can pick it up.

    Another option I could think of is to somehow infiltrate and compromise popular short wave radio models sold. Make them emit some signal marker which would identify the radio station it’s tuned to.

    Pretty far fetched but the three letter agencies have spent money on crazier stuff than that in the past

    • weitendorf 13 days ago

      My counter-counter-intelligence idea is that since you know where the radio broadcast station is, you can probably implement some kind of faraday cage with an aperture oriented towards the broadcast station. That way any kind of radiation emitted from the receiver also gets sent in that direction. That way detecting a signal emanating from the receiver requires being in the cone outside of that aperture (and I doubt those signals are so strong that they can be seen from space).

      I'm sure your counter-counter-counter measures might start from the premise that, with you also knowing the location of the broadcast station, you might be able to guess at the most likely receiving orientations if you knew the most likely places for a receiver to be located. Eg a shortwave receiver equipped with a faraday cage + aperture listening to codes from Russia in Manhattan would emit a cone in the direction of Stamford. But I also suppose that I might know my receiver emits this kind of signal, and use some other device to emit junk signals that look similar, or scatter around a bunch of receivers while only using one.

      Or I might try to only set up receivers in places where the cone would be inconvenient for you to intercept, or obvious that you were trying to intercept. Eg over the ocean.

az09mugen 13 days ago

Security by obsolescence

localfirst 13 days ago

how do you create encrypted communication that isn't easily triangulated?

some youtubers are pushing LoRa but it's hardly secure or encrypted

creating your own number station requires shortwave broadcast which takes up a ton of power and your station is known

the only way to break 5E is good old paper with one time pad encryption with dead drops but it's hardly efficient

  • jrexilius 13 days ago

    LoRa is just a transport layer. You can do whatever encryption you want and LoRaWAN has some basic encryption built in. It's hard(er) to triangulate if you don't have constant traffic (like route updates in mesh, or heavy concentrated users like at a concert or protest), but be aware that AWS sidewalk (and all the Alexa devices fielded in people's homes, etc.) run LoRa antennas and traffic. So in the US, Amazon could do a reasonable job at triangulation of frequent emitters. In China and EU there is infrastructure in place (5G/SDR stuff overtly) that can do a pretty good job at triangulating a wide band of RF emitters.

    Meshtastic is not really designed to avoid that, but more for resiliency and off-grid type scenarios. Your best bet of really avoiding triangulation by state or telco level infrastructure is to get creative with frequency and even transport layer hopping. None of which is really consumer friendly.

    [edit-to-add] another tactic for low probability detection is to hide in noise on high traffic channels. basically figure out what their filter sensitivity is and see if you can go below that threshold and still maintain a coherent channel, etc.

    • immibis 13 days ago

      On the subject of hiding in high traffic channels, I wonder if I can even mention satellite piracy without getting on more watchlists. It's a thing that exists. Many satellites are relatively unsophisticated signal repeaters, and the antenna that receives their uplink signal isn't very directional, either. Or so I heard. Some companies have been known to go crazy trying to find out who's transmitting to their satellite that shouldn't, because they could be almost anywhere. Of course, if caught, they go to prison for a long time.

      • blantonl 13 days ago

        The United States military has legacy UHF satcom satellites that are essentially bent-pipes that operate on UHF frequencies. There is an entire subculture of South American and European pirates that uses these transponders for everything from clear voice to encrypted data.

        and they do this right alongside active, legit meant US military users. It’s wild.

        • localfirst 13 days ago

          good god...please don't tell me there's a subreddit for this

      • ClumsyPilot 13 days ago

        > Of course, if caught, they go to prison for a long time.

        I can’t imagine how that would work, I could be in a foreign country or international waters. Who would have your jurisdiction? I don’t think it’s forbidden to send radio waves into space

        • immibis 13 days ago

          Anyone who can acquire physical access to your body. Don't think that being in lawless places means you can avoid the law - it means they don't have to follow the law either when catching you.

      • jrexilius 13 days ago

        Yeah, it's also worth noting that Starlink and a few other commercial companies are offering text-based services to _unmodified_ cell phones (no special sat hardware), which means they can get signal, IMEI, etc. LoRa is also used as transport layer for some cube sats and edu type sats. A new company just tested Bluetooth-to-sat. So even on the commercial side there are overhead sensors that you may need to be concerned about on the triangulation front. It's a hard problem to crack...

        • immibis 13 days ago

          Starlink satellites are not dumb signal repeaters. They also use relatively localised spot beams. But yes, anything you transmit through one probably can't be localised to within more than about a hundred km, if the only available information is which beam you're in at which time.

          You'd need to avoid providing information about the time the beam crosses over your position, which means you'd only activate your connection sporadically, at carefully planned times. You might pick a location relatively near you and down-orbit from you, and connect when that location comes into view of a new spot beam, and disconnect when it's directly over that location, perhaps.

          • rnewme 13 days ago

            I think his point was that unmodified existing phones are now both in range of satellites and able to communicate with them, ie no towers needed for surveillance.

            • jrexilius 13 days ago

              yeah, that was my point. sorry I wasn't more clear

  • superkuh 13 days ago

    Near vertical incidence skywave https://en.wikipedia.org/wiki/Near_vertical_incidence_skywav... using the HF bands and HF antenna very close to the ground. This will cause your signal to basically only go up and then bounce off the ionosphere. This causes your signal to skip a ring of ~100 miles around you forming a donut of ground locations that can receive it from the ionosphere bounce.

    The triangulation will not be to your location but to the ionospheric bounce. Locally it'll propagate via groundwave but that will quickly die out with the first hills and valleys.

    A network of ~300 mi separated stations doing NVIS could be fairly hard to locate. To make it slightly harder you could try using ultrawide bandwidth modulations (UWB) at HF freqs but propagation differences between the freqs will make it hard.

    I say all of this but it depends on your threat model. Nowadays major nations have electromagnetic signals intelligence satellites even for HF up in orbit and have a line of sight to everything.

  • KaiserPro 13 days ago

    > isn't easily triangulated?

    Depends.

    Anything with high enough power is triangulateable, if you have either enough time, or enough listening equipment.

    also what precision are we talking about?

    on longwave you can bounce radio signals about quite a lot, but you lack bandwidth, and the antennas are huge.

    If you have a high bandwidth transmitter, and you are doing async transmission, ie send a message when you are far away, then it's not as critical.

  • user32489318 13 days ago

    Instinct tells me that you can have one of three, non triangulatable, secure/encrypted or high bandwidth

    • localfirst 13 days ago

      lot of us would take first two over high bandwidth

      so far im seeing starlink + modded smartphone

      "s4tll1te p1r4cy" that ppl outside N America ignore but supposedly risky for everyone else

      variations on LoRa (still not convinced it can evade tri)

  • oceanplexian 13 days ago

    This is exactly what Meshtastic is designed to do. Messages are encrypted with AES256, it's extremely low power (and thus hard to triangulate), and can use a low powered repeater, hiding the location of a sender using a directional antenna. Nothing is impossible in terms of tracing or finding vulnerabilities but Meshtastic makes it a pain for an adversary.

    • KaiserPro 13 days ago

      meshtastic is terrible for avoiding triangulation. you operate in receiver mode and you have a unique ID. so you can send nonsense packets to that ID repeatedly and it'll send them right out again.

      Any kind of forwarding system with static IDs is very much not triangulation resistant.

  • immibis 13 days ago

    If you're an average Hacker News user, you use Tor over the Internet. If you're a more paranoid one, you use Tor to access your Protonmail account that you use with Mixmaster.

    • localfirst 13 days ago

      Tor is neither anonymous nor safe, there has been a variety of vulnerabilities, zero days.

      The other options involving radios, satellites are far more sexy

guardianbob 13 days ago

Fax Machines FTW baby

  • nicbou 13 days ago

    If that were the case, German intelligence would have a far better track record

1vuio0pswjnm7 13 days ago

"Radio is more resilient than software."

gryt67 12 days ago

[flagged]

  • science4sail 12 days ago

    Can you please provide evidence that this isn't a scam website? It's pretty common for scammers to prey on scam victims since they're often desperate and emotionally compromised.

andix 13 days ago

I think those old technologies are still around, because it's hard to train older spies on new technology. They learned that knowledge decades ago and would have a hard time to learn new things. So they let them use the stuff they know, instead of risking some boomer making an opsec mistake by updating their Facebook status on a secure device while doing sensitive communication.

  • jrexilius 13 days ago

    I would wager that it has more to do with leveraging existing infrastructure that is commonly deployed to more than just G7 nations and working with people in those countries who may not have a Q branch handy nor could afford to be caught with gear-turned-evidence.

    As well, as any honest engineer knows, new tech is rarely reliable and bug free. You may adopt it for other benefits, but assurance is generally not one of them. So if lives depend on something, you may keep using things that have been proven reliable.

  • CapitalistCartr 13 days ago

    At least the USA and our allies are extremely conservative in adoption of unproven tech and have extremely high standards for security. The article states "modern methods are not safe" and is correct, in my experience. Numbers stations and One-Time Pads are a well-known and proven method, not just the encryption, but the entire process from delivering the pads to receiving the messages.

  • ClumsyPilot 13 days ago

    > hard to train older spies on new technology

    It’s even harder to train new people in Old technology. Just write a code base in Fortran and see how hard it is to find a developer.

    I’m quite confident you could send messages all day using the methods of Ancient Rome without ever being detected.

    • andix 12 days ago

      > It’s even harder to train new people in Old technology

      My thought is, that new people are trained on modern technology (how to acquire and set up a secure laptop OS or how to configure a smartphone), and older employees still "run" on the old technology.

  • cqqxo4zV46cp 13 days ago

    This is such a HN response. “If they aren’t using new technology, it’s gotta be [disparagement and putdowns, without any consideration being paid to whether or not the ‘newer’ stuff is worth it, let alone better]”

    • andix 12 days ago

      Around 10 years ago there were some Russian "illegals" captured in Germany. It was really a lot like in the TV show "The Americans".

      They seemed to have communicated a lot with radio and coded messages. They also used some Windows software to decode some of those messages. And exactly there they made a mistake and some messages could be restored.

      It seems like they only got very limited recurring training after their initial training in the 90s. So they might have had very limited IT opsec knowledge.

      The analog radio technology is also far from perfect. In their case the neighbours became suspicious, because they never opened the door at specific times, probably when their transmissions were scheduled. They also sent some radio transmissions from a nearby hill, that might have played a part in their capture.

      I'm convinced that some encrypted messages over a commonly used messenger or email provider would be way more secure. They would just disappear within billions of other encrypted messages.

  • hilux 13 days ago

    Did you read the article?

    • andix 12 days ago

      Yes, I did.